Recently, I was helping a colleague troubleshoot connectivity issues between an Azure VM and Azure SQL Database. The client architecture looks like this:
The failing connections were coming from the DMZ. Watching network traffic using Wireshark, we saw an attempt to connect to the Azure SQL Database on port 11029. A Google search led me to the following link:
From the link:
Ensure that the port ranges of 11000-11999 on your Azure client machine are left available for ADO.NET 4.5 client interactions with SQL Database.
After opening port 11029 to the DMZ server the connections succeeded. Azure Support provided this link to explain why the port range is required.
I was unaware of this requirement before this and hope that this will help others who encounter this scenario.